# myapp/middleware.py
class CustomXFrameOptionsMiddleware:
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        response = self.get_response(request)
        # 允许特定的 URI 嵌入
        response['Content-Security-Policy'] = "frame-ancestors 'self' http://localhost:5173;"
        return response